One of the many problems with blocking systems is that they require ISPs to take additional steps to monitor users, resulting in real risks to privacy. These risks are amplified in the case of the Garda proposals which – incredibly – would require ISPs to report details of web browsing without any legislative basis whatsoever.

Because of the privacy risks presented by this proposed system, we’ve asked the Data Protection Commissioner to investigate it now, and the full text of our letter (setting out the problems in more detail) is here:

Letter to Data Protection Commissioner Re Garda Blocking Proposals

In a letter which was leaked to us, Gardai have asked Irish ISPs to block sites designated by them, and for information about the browsing habits of users who are alleged to have visited these blocked sites. Here’s the full text of the letter:

Garda Letter to ISPs Requesting BlockingThis blocking – part of wider attempts to stop access to child pornography – is certainly well intentioned. But good intentions aren’t enough.

Experience elsewhere has shown that blocking is largely futile – easily evaded and stopping only a very small proportion of material (it wouldn’t cover, for example, peer to peer filesharing or newsgroups). Earlier this month, for example, it was revealed that Dutch ISPs have, for exactly this reason, abandoned what they concluded was “ineffective” web blocking.

Blocking is also a distraction from what should be the main focus of policing – removing material at source and identifying those responsible. Work in Germany has shown that blocking leaves material available indefinitely, when it could easily be taken down by contacting the hosting providers. Here’s an excerpt from that analysis:

The group developed software to select, categorise and geo-locate 167 blocked Internet domains as a representative sample of websites blocked in Denmark at the time of the investigation. “The result is a smack in the face of law enforcement authorities”, says Alvar Freude of the Working Group. “Of the 167 listed sites, only three contained material that could be regarded as child pornography.” Two of these three sites had been blocked in Denmark since 2008, and these are, or least were, blocked in Sweden, Norway and Finland as well. These sites were therefore known for at least two years in several countries, and apparently law enforcement authorities did nothing to try and get this illegal content removed.

This is even more disturbing because the Working Group managed to take down the remaining sites just by sending a few emails. Two of the sites were hosted in the USA, and even during the weekend (Friday, ca. 10 p.m. EDT) they were removed by the hosters within 30 minutes. On the following Tuesday, the third website was taken down by its registry in India, three hours after notification.

More fundamentally, however, even if blocking were effective then it should only be introduced in accordance with the norms of a democratic society – after public debate, based on legislation and subject to judicial oversight. Instead, what this Garda letter seeks to do is to introduce blocking unilaterally (bypassing even the industry representative bodies ISPAI and ALTO) by means of private contracts with individual ISPs. The result would be that sites could be blocked without any judicial oversight or approval being required and in a way which could easily be extended beyond child pornography in the future. There would be no independent oversight of the list of blocked sites – something which is particularly worrying given that leaks of blacklists in other jurisdictions have shown that many entirely innocent sites have deliberately or inadvertently been blocked. In Australia, for example, the blacklist has been leaked, with the result that:

about half of the sites on the list are not related to child porn and include a slew of online poker sites, YouTube links, regular gay and straight porn sites, Wikipedia entries, euthanasia sites, websites of fringe religions such as satanic sites, fetish sites, Christian sites, the website of a tour operator and even a Queensland dentist.

There will also be extensive collateral damage. This is because the proposed system relies on blocking domains and subdomains – that is, blocking everything on example.com even though the only material involved might be on example.com/users/johndoe123. Consequently, Irish citizens will find themselves unable to access entire domains based on allegations against one individual page, image or user. This is not a theoretical risk – it has already happened to O2 users who found the entire image hosting site IMGUR blocked due to a similar system operated by O2.

In short, therefore, the blocking system which Gardai have sought to impose on ISPs is worrying. It is ineffective at achieving its goals, certain to cause extensive collateral damage to perfectly legal content, and prone to function creep whereby it can be used to target other material in the future. These problems are compounded by the fact that it has no legal basis or judicial oversight.

What can you do about it? Internet filtering falls within two departmental functions, and is the responsibility of both the Department of Justice and the Department of Communications. A good start would be to contact each Minister expressing your concerns.

Pat Rabbitte is the Minister for Communications, Energy and Natural Resources and his contact details are here.

Alan Shatter is the Minister for Justice and Law Reform, and his contact details are here.

You should also consider contacting your ISP and letting them know your concern about these proposals.

We’ll be doing more on this shortly – watch this space.

The Irish mobile operator O2 has acknowledged accidentally blocking the
image hosting website IMGUR through its system for blocking alleged child
abuse material. There appears to have been no indication that there was, in
fact, any illegal material hosted on that site. Furthermore, it is not
obvious on what basis O2 could have made the decision to undertake the
blocking.

In a statement provided to the Irish hotline, which was not published but
simply made available to people who enquired about the problem, O2 explained
that “the technology behind the service (to block child abuse images) is
more far reaching than anticipated and on occasion a site which should not
be blocked may be.” It is impossible to tell how many other innocent, but
smaller and therefore less noticeable, websites are similarly blocked by
accident, due to this “far reaching technology.”

O2 undertakes its blocking system on a voluntary basis, despite the fact
that, according to the European Commission, “such measures must indeed be
subject to law, or they are illegal”(according to the Commission’s impact
assessment on the draft Directive on child exploitation). Nonetheless, the
European Commission is also now supporting such extra-judicial measures and
it is now also proposing to use taxpayers’ money to fund them.

A six million euro call for proposals launched in June 2010 refers to
funding for “blocking access to child pornography OR blocking the access to
illegal Internet content through public-private cooperation”. This call, by
the Commission, for “self-regulatory” blocking of allegedly illegal content
in general was made just a few weeks after Commissioner Malmström explained
at a conference that “the Commission has absolutely no plans to propose
blocking of other types of content – and I would personally very strongly
oppose any such idea”.

It is likely that further deliberate and accidental blocking of websites
will now spread in Ireland, due to the fact that the Irish former monopoly
Eircom agreed to block sites accused of containing unauthorised material,
while mobile operator Vodafone has reportedly also indicated that it will
introduce extra-judicial measures against any of its customers repeatedly
accused of infringements.

Many blogs and online message boards accused the Irish Internet hotline of
having prepared a faulty blocking list and this was what led to IMGUR being
blocked. As the Irish internet hotline does not prepare a blocking list, but
simply acts in its capacity as a hotline, these allegations were incorrect.

Background links:

Commission impact assessment – Accompanying document to the Proposal for a
Council Framework Decision on combating the sexual abuse, sexual
exploitation of children and child pornography, repealing Framework Decision
2004/68/JHA – Impact assessment {COM(2009) 135} {SEC(2009) 356 (25.03.2010)

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52009SC0355:EN:NOT

Irish Internet hotline

http://www.hotline.ie

Vodafone in line to join file-sharing clampdown (16.06.2010)

http://www.irishtimes.com/newspaper/ireland/2010/0616/1224272615990.html

European Commission call for proposals: “Prevention of and fight against
crime”

http://ec.europa.eu/justice_home/funding/isec/doc/tc2_call_2010_en.pdf

Commissioner Malmström speech: “Combating sexual abuse, sexual exploitation
of children and child pornography: the Commission’s proposed Directive”
(6.05.2010)

http://ec.europa.eu/commission_2010-2014/malmstrom/archive/Speech%20%20Malmstrom%20-%20Combating%20sexual%20abuse%2006_05_2010.pdf

[By Joe McNamee - EDRi]

Senator Paschal Donohoe: I thank the Minister for taking this Adjournment matter. It relates to Government thinking on dealing with the issue of illegal file sharing across the Internet. There was some publicity about that in recent weeks in regard to a freedom of information request to the Government through an organisation called Digital Rights Ireland. It was looking to establish Government policy on how it would work with Internet service providers in Ireland to stop files being shared illegally across the Internet.

In raising this issue on the Adjournment I seek to do three things, the first of which is to establish Government policy and thinking on the area because until now I have been unable to get a read on the most recent thinking in terms of the way this area will be dealt with. How we respond to this is becoming increasingly important because there have been a number of High Court rulings in this area to which the Government will have to respond and deliver a policy that will deal with this area.

Second, I have an interest in Irish companies that work on the Internet. These are legitimate large Irish companies that would work in digital media, digital gaming, digital art, animation and so on which depend on the Internet to deliver a legitimate business that is a symbol of the smart economy we are all committed to delivering. Some of those companies have flagged a number of issues in terms of where they see Government policy going that could seriously affect their ability to operate successfully out of Ireland.

Two points have been made to me, the first of which is the need to recognise and emphasise that not all file sharing across the Internet is illegal. Much of the file sharing is important for digital games, on-line enterprises and marketing activity to work. It is completely legal and the kind of enterprise and activity our country is trying to promote as being a hub for Europe and the world.

The second point is a more technical one that I am trying to understand further but it is worth putting on the record. It appears that many of the protocols and technologies that would be involved in illegal file sharing are also the ones used to run legal file sharing and the approach the Government might decide to take may be unable to recognise the difference.

That leads me to the third point I want to make. As this issue was raised with me and I talked to some experts in the area, the message I got back from large employers here, who are strategic to what we are looking to do with our smart economy is that a policy that did not consult them could threaten the jobs and expertise we are building up in areas like cloud computing, digital media and attracting companies like Facebook, which has its European headquarters in Dublin, Google, Bling and so on which depend on many of these technologies for their business and operations in Ireland.

This issue is now being dealt with across Europe and the world and it is being treated much more seriously than was the case in the past. While I am presenting this as a threat to our country because inevitably we respond to bad news we hear and raise them in these Houses, the important flip side is that as other countries make a decision about the way they will respond to this issue, there is the possibility they will use a blunt instrument to deal with it.

I urge the Minister, the Department of Justice, Equality and Law Reform and the Department of Communications, Energy and the Marine to consult broadly with the businesses and stakeholders in Ireland to ensure we come up with a policy that deals comprehensively and seriously with the issue of illegal file sharing, which includes everything from the sharing of songs illegally to child pornography, which is a very serious issue, but in a way that recognises that a great deal of commercial activity we are trying to attract uses the same technology. We have already had much success in that regard.

If we were to do engage in a consultation process, we could formulate a policy that might be more nuanced and effective than those of many other competitive countries which are looking to get the same technologies. That would add to our ability to grow these industries domestically through indigenous talent and would also be another string in our bow in terms of attracting such companies to our country, which we all want. Our country has had a great deal of success in this area up to now.

I realise the Minister of State will reply on behalf of another Department. I understand the reason for that but this is a serious issue and if we all engage in it, it might ward off danger and present an opportunity to us as well. I look forward to the Minister of State’s response and hope to have an opportunity to pursue this issue in the Seanad.

Minister of State at the Departments of Health and Children, Education and Skills, Enterprise, Trade and Innovation and Justice and Law Reform (Deputy John Moloney): I thank Senator Paschal Donohoe for raising this important matter on the Adjournment. I want to advise Senator Donohoe that the Office for Internet Safety, OIS, is an executive office within the Department of Justice, Equality and Law Reform, which the Senator has acknowledged, and has responsibility for promoting Internet safety, with a particular focus on combating child abuse imagery, more commonly known as child pornography. The office is advised by an Internet Safety Advisory Council comprised of key stakeholders in the statutory, industry and community sectors.

The Internet is a worldwide phenomenon with no borders and no single organisation controlling it. Efforts to combat illegal and harmful materials and activities on it can be hampered by the multiplicity of jurisdictions, differing legal systems and societal norms. Tackling Internet downside issues is a complex business and continues to set new challenges and commitments for all those charged with protecting against the downside of the Internet.

In a number of EU member states — the United Kingdom, Denmark, Finland, Norway, Sweden and the Netherlands — a system of Internet blocking-filtering has been introduced on a voluntary basis whereby a so-called blocklist of sites containing illegal child pornography is made available by the police or other competent authorities and is utilised by individual Internet service providers to prevent access to such content. Germany and France have introduced or are considering the introduction of legislation requiring ISPs to block access to websites containing child pornography.

It is generally acknowledged that all such Internet blocking or filtering systems are not foolproof and can be circumvented in certain circumstances. However, such filtering systems are understood to be useful in preventing Internet users from inadvertently encountering such illegal content. All mobile phone operators in Ireland, under a voluntary agreement brokered by the European Commission with GSM Alliance Europe, an association which represents European mobile phone operators, implement a form of filtering on their mobile Internet services which prevents access to websites identified as containing illegal child pornography. There is an existing self-regulatory framework for Internet service providers in operation in Ireland that actively encourages the adoption of best practice procedures aimed at limiting the proliferation of illegal child pornography content on-line. Members of the public may report such material to the Internet Service Providers Association of Ireland www.hotline.ie service. If the material is hosted here and deemed to be illegal and in contravention of Irish law, ISPAI members are obliged to remove such material. If the material is hosted in another jurisdiction, it is notified to the Internet hotline in that jurisdiction and the relevant law enforcement agencies for follow-up, with the aim of having illegal content taken down.

So far as the Department of Justice, Equality and Law Reform is aware, standard Internet service providers in Ireland do not implement any blocking or filtering system in respect of child pornography. The Office of Internet Safety, because of its stated role in the promotion of Internet safety and, in particular, combating child pornography, has a role in examining such issues with advice from the Internet Safety Advisory Council. In undertaking research to develop policy advice in this area the Office of Internet Safety has had discussions with a variety of relevant interests on issues pertinent to the consideration of the possibility or feasibility of introducing Internet filtering in Ireland, specifically in respect of illegal child pornography content. These ongoing discussions were referred to in recent press reports. However, no decisions have been arrived at on the issue of Internet filtering or blocking at national level. Any proposals for the introduction of such a system would, at the very least, need to be submitted to the Government for consideration. The introduction of any such system, particularly if it is mandatory, might require primary legislation. Notwithstanding this, a draft proposal for a directive on combating the sexual abuse and sexual exploitation of children and child pornography has been published recently by the European Commission which could potentially require member states to implement some form of blocking system for websites containing child pornography. This proposal will be discussed in the European Parliament and at the Council of Ministers. Ireland’s participation in the adoption and implementation of this measure will be subject to Government and Oireachtas approval.

Senator Paschal Donohoe: Everyone is supportive of any measure that can be taken to deal with the evil of child pornography and its distribution on the Internet. The consequences of a course of action that could be taken may be more far-reaching and profound than is understood. The response of the Minister of State concerns the discussions taking place — referred to in the first part of my submission — but does not take account of the second part — the effect such a measure could have on interests in Ireland. There are options to deal with the dissemination of child pornography and violent material on the Internet that would have a more benign effect on elements we are legitimately trying to attract to the country. That the Department of Communications, Energy and Natural Resources is not mentioned in the response is telling. That Department is at the forefront in attracting legitimate businesses to the country.

I again thank the Cathaoirleach for giving me the opportunity to raise this matter.

The European Commission has proposed a directive requiring internet service providers (ISPs) to ban access to websites displaying child pornography. Unfortunately, this is the wrong action to take.

It won’t prevent access to the websites in question, and it will start a legislative ball rolling where industry lobby groups will begin to agitate for bans on access to all manner of websites.

The commission’s rationale is that many illegal websites are hosted outside the European Union.

Therefore, it has no power to prosecute the website owners or shut the sites down. The next best move, it reckons, is to compel ISPs across the EU to block access to such sites.

For the person trying to access such a site, a message will be displayed informing them that the URL is blocked.

Some argue that the new rules should go further; that ISPs should be required to keep a record of computer addresses that attempt to access these illegal sites and report them to the police.

There are a great many problems with adopting this approach. Most importantly, it won’t work. Technology used to block access to websites is, generally, old.

It is also quite easy to bypass for anyone who wishes to spend a few minutes online investigating how to do so.

Full text.